I use DNAT to redirect traffic from the external LAN eth0 (192.168.1.1) to a specific host (192.168.10.10) on the internal LAN (eth1) like this:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -d 192.168.1.1 -j DNAT --to 192.168.10.10 -i eth0

and then I allow the redirected traffic:

    iptables -A FORWARD -p tcp --dport 80 -d 192.168.10.10 ........

It works as expected, but with this approach it's actually possible from the outside to find out what internal IP the HTTP server is located at! All one has to do is send to 192.168.10.1, 192.168.10.2, 192.168.10.3 etc. (to eth0 on the outside) until one hits the server. The rules allow it.

I have not been able to figure out how to solve this problem. Any suggestions?

Thanks in advance
Bo Jacobsen
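
Added example (not part of the original post): one way to close the gap described above is to have the FORWARD rule accept only connections that conntrack has actually DNATed from the external address, using the conntrack match's --ctstate DNAT and --ctorigdst options. The ACCEPT target on the elided FORWARD rule and the function names are assumptions; the script prints the rules by default and applies them only when called with "apply" as root.

```shell
#!/bin/sh
# Added example. Interface and addresses are the ones given in the post.
EXT_IF=eth0
EXT_IP=192.168.1.1
WEB_IP=192.168.10.10

# The DNAT rule from the post, unchanged apart from option order.
dnat_rule() {
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 80" \
         "-d $EXT_IP -j DNAT --to-destination $WEB_IP"
}

# FORWARD rule as in the post (ACCEPT target assumed). FORWARD sees the
# destination after DNAT, so this matches both a translated packet and one
# that arrived on eth0 already addressed to 192.168.10.10.
forward_rule_loose() {
    echo "iptables -A FORWARD -p tcp --dport 80 -d $WEB_IP -j ACCEPT"
}

# Tightened rule: accept only if the connection was destination-NATed
# (--ctstate DNAT) and its original destination was the external address
# (--ctorigdst). A packet sent straight to 192.168.10.10 has no DNAT
# mapping, fails the match and falls through to the chain policy.
forward_rule_strict() {
    echo "iptables -A FORWARD -i $EXT_IF -p tcp --dport 80 -d $WEB_IP" \
         "-m conntrack --ctstate DNAT --ctorigdst $EXT_IP -j ACCEPT"
}

# Rules to load: the DNAT rule plus the strict FORWARD rule.
ruleset() {
    dnat_rule
    forward_rule_strict
}

case "${1:-}" in
    apply) ruleset | sh ;;   # requires root and a FORWARD policy of DROP
    *)     ruleset ;;        # dry run: print the commands only
esac
```

Reply traffic from 192.168.10.10 still needs its own FORWARD rule, which the post's elided rules are assumed to cover.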